2

I have set up an Azure VNet gateway to allow P2S clients to connect to resources within a VNet.

The VNet has address range 10.0.0.0/24, and has two subnets: the GatewaySubnet 10.0.0.0/25 and the WorkloadSubnet 10.0.0.128/25. The P2S address pool is 10.1.0.0/24. We want to allow P2S clients to reach machines in the WorkloadSubnet, which works fine. However, a P2S client at e.g. 10.1.0.12 is allowed to talk to another P2S client at e.g. 10.1.0.13. This is not desirable, and we want to block all traffic between P2S clients.

An NSG is not allowed on the GatewaySubnet, so how can I achieve this?

Håvard S

1 Answer

0

I have the same question and scenario. Just went down the path of an NSG and realized it doesn't work for the subnet in question. Have you gotten anywhere with this?

  • This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://serverfault.com/questions/ask). To get notified when this question gets new answers, you can [follow this question](https://meta.stackexchange.com/q/345661). Once you have enough [reputation](https://serverfault.com/help/whats-reputation), you can also [add a bounty](https://serverfault.com/help/privileges/set-bounties) to draw more attention to this question. - [From Review](/review/late-answers/537963) – Dave M Dec 25 '22 at 19:37